1. From Setup, in the Quick Find box, enter Platform Encryption, and then select Key Management.
2. From the Choose Tenant Secret Type menu, select Data inSalesforce.
3. Generate or upload a tenant secret.
4. From Setup, in the Quick Find box, enter Platform Encryption, and then select Advanced Settings.
5. Enable Deterministic Encryption.
6. From Setup, select Key Management.
7. Select the Data in Salesforce (Deterministic) secret type.
8. Generate a tenant secret.You can mix and match probabilistic and deterministic encryption, encrypting some fields one way and some fields the other.
9. Enable encryption for each field, specifying the deterministic encryption scheme. How you do that depends on whether it’s a standard field or a custom field.For standard fields, from Setup, select Encryption Policy,and then select Encrypt Fields. For each field you want toencrypt, select the field name, and then choose Deterministicfrom the Encryption Scheme list. For custom fields, open the Object Manager and edit the field you want to encrypt.Select Encrypt the contents of this field, and select Use case sensitive deterministic encryption.
10. For standard fields, from Setup, select Encryption Policy,and then select Encrypt Fields. For each field you want toencrypt, select the field name, and then choose Deterministicfrom the Encryption Scheme list.
11. For custom fields, open the Object Manager and edit the field you want to encrypt.Select Encrypt the contents of this field, and select Use case sensitive deterministic encryption.
12. To encrypt your existing data with the active Data in Salesforce (Deterministic) key material, contact Salesforce Support. If you change the encryption scheme for a field from Deterministic to Probabilistic, contact Salesforce to re-encrypt data in that field with your active Data in Salesforce key material.